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Backgnnrod of the Inventk^ 

5 J. Field of the Invention 

This invention relates to vims scanning in a networked environment 
Z Related Art 

10 

Computer networking and the Internet in particular offer end users 
unprecedented access to information of all types on a global basis. Access to 
information can be as simple as connecting some type of competing device using a 
standard phone line to a network. With the proliferation of wireless cornrnunication, 
15 users can now access computer networks from practically anywhere. 

Connectivity of this magnitude has magnified the impact of computer 
viruses. Viruses such as "Melissa" and "I love you" had a devastating impact on 
compute! systems worldwide. Costs far dealing with viruses are often measured m 
20 milboos and tens of millions of dollars. Recently it was shown that hand-held 
computing devices are also susceptible to vimses. 

Virus protection software can be very effective in dealing with viruses, 
and virus protection software is widely available tor general computing devices such 
25 as personal computers. There are, however, problems unique to specialized 

computing devices, such as filers (devices dedicated to storage and retrieval of data). 
Off-the-shelf virus protection software will not ran on a specialized computing device 
unless it is modified to do so, and it can be very expensive to rewrite software to work 
on another platform . 
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A first known method is to scan for viruses at the data source. When 
the data is being provided by a specialized cmnpinAgdcvica the 
computing device must be scanned Devk^-spccific v™protecti« 
be written in order to scan the files on the device. 



WhiJe this first known method is effective in seaming files for viruses, 
it suffers from several drawbacks. First, a company with a specialized coinputing 
device would have to dedicate considerable resources to creating virus protection 

I up-to-date data files that protect against new viruses as (hey 
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Additionally, although a manufacturer of a specialized c 
device could enlist the assistance of a company that creates mamstream virus 
jm^tection software to write to 
15 create other problems, s^ 

software, cornpaulahty issues when h^ 



A second known method for protecting against computer viruses is to 
have the end user run anti-v^ Ami- virus software 
packages are offered by such companies as McAfee arid These programs 

ere loaded durm* the boot <mu^ 
nxniitoring memory and fto 

While this second known method is effective at im«*cepting and 
protecting the diem device nn^ H 
places the burden of detection at the last porable lmk m fce chain. If for any 
the vmia is itot detected riricr 

device where it will do the most damage (cmiupimg fito 
as and systems). 
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It is much better to sanitize a file at the source from what it may be 
delivered to millions of end users rather than deliver the file and hope that me cod 
user is prepared to deal with the file in the event the fiie is infected End users often 
have older versions of anti-virus software and/or have not updated (be data files that 
5 ensure the software is able to protect against newly discovered viruses, t 
detection at the point of mass distribution even more critical. 



Also, hand-held computing devices are susceptible to viruses, but they 
are poorly equipped to handle them. Generally, hand-held computing devices have 
very umrted memory resources compared to desktop systems. Dedicating a portion 
of these resources to virus protection severely limits the ability of the hand-held 
device to perform effectively. Reliable virus scanning at the information source is the 
most efficient and effective method. 



15 Protecting against viruses is a confrtant battle. New vinises are created 

everyday requiring vims protection software manufacturers to come op with new data 
tiles (solution algorithms used by anti-virus applications). By providing protection at 
the source of the file, viruses can be eliminated more efficiently and effectively. 



Security of data in general is impor tan t. Equally important is the trust 
ofthe end user. This comes fiomthe reoutaticm that precedes a 
companies that engage in web amimerce often live and die by their reputation. Just 
like an end user trusts that the credft cart number they haw 
based sales transaction is secure they waitt fiks they receive to b^ 



Accordingly, it would be desirable to provide a technique for scanning 
specialized computing devices for viruses and other mali cious or unwanted < 
that may oxd to be changed, deJete^ 
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The invention provides a method and system for scanning specialized 
computing devices (socfa as filer?) for viruses. Id a preferred embodunent, a filer is 
5 connected to one or more supplementary computing devices mat scan requested files 
to ensure they are virus free prior to delivery to end users. When an end user requests 
a fife from the filer the following steps occur First, the filer determines whether the 
file requested must be scanned before delivery to the end user. Second, the filer 
opens a channel to one of the external computing devices and sends the filename. 
10 Third, the external computing device opens the file and scans it Fourth, the external 
«)mputing device notifies me filer the status of tbc file scan operation. Fifth, the filer 
send* the file to the end user provided the status mmcates h may do so. 

Tms system is very efficient and effective as a file needs only to be 
15 scanned one time Cor a virus unless the file has been modified or new data files mat 
protect against new viruses have been added. Scan reports for files that have been 
scanned may be stored in one or more of the external computing devices, in one or 
more filers, and some portion of a scan report may be defavered to end users. 

20 In alternative embcrtirnenls of the invention one or more of the external 

computing devices may be tunning other supplementary applications, such as file 
compression and encryption, independently or in some combination. 

Brief Description of the Drawings 

25 

Figure 1 shows a block diagram of a system far decentralized appliance 
virus seaming. 

Figure 2 shows a process flow diagram for a system for decentralized 
30 virus scanning 

4 



Pctailed Description of the Prefcr^H F™frv44~~* 

In the following description, a preferred embodiment of the invention is 
described with regard to preferred process steps and data structures. Those skilled in 
5 the art would recognize after perusal of this application that embodiments of the 
invention can be implemented using one or more general purpose processors or 
special purpose processors or other circuits adapted to particular process steps and 
data structures described herein, and that implemeDttlion of the process steps and 
data structures descnlxrf hereto would 
10 invention. 

Lexicography 

The following terms refer or relate to aspects of the invention as 
15 described below. The descriptions of general meanings of these terms are not 
intended to be lirmting, only iltostrative. 
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Virus - in general, a manmade program or piece of code that is loaded onto a 
computer without the computer user's knowledge and runs against thexr 
wishes. Most viruses can also replicate themselves, and the more dangerous 
types of viruses are capable of transmitting themselves across networks and 
bypassing security systems. 



curat and server — m general, the» 

devices, particularly to their relationship as client and server, not necessarily to 
any particular physical devices. 



30 



For example, but without limitation, a particular cheat device in a first 
relationship with a first server device, can serve as a server device in a second 
relationship with a second cbent device. In a preferred embodiment, there are 



generally a relatively small number of server devices servicing a relatively 
larger number of client devices. 



• cheat device and server devfc» — b genera^these term 
5 taking on the role of a cb«nt devic*oraserverdevi«^ 

relantmitop (such as m HTTP There is no 

particular requirement that any client devices or server devices must be 
individual physical devices. They can each be a single device, a set of 
cooperating devices, a portion of a device, or some combination thereof. 

10 

For example, but without limitation, the client device and the server device in 
a client-server relation can actually be the same physical device, with a first set 
of software elements serving to perform client functions and a second set of 
software elements serving to perform server functions. 

IS 

• web cheat and web server (or web nit*) — as used herein the terms "web 

client" and tt wcb server" (or 'Veb site") refer to any combination of devices or 
software taking on the role of a web cliem or a web server m a cben^ 
environment in (he internet, the world wide web, or an eouivri^ 
20 thereof. There is no particular requirement that web clients must be individual 

devices. They can each be a single device, a set of coo|>eratmg device^ 
portion of a device, or some combination thereof (such as for example a device 
providing web server services that acts as an agent of the user). 

25 As noted above, these descriptions of general meanings of these terms 

are not intended to be lhniting, only iUustrative. Other and further applications of the 
invention, including extensions of these terms and concepts, would be clear to those 
of ordinary skill in the art after perusing this appUcation. These other and further 
applications are part of the scope and spirit of the mvention, and would be dear to 

30 those of ordinary skill in the art, without further mvention or undue expemnentation. 
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Figure 1 shows a block diagram of a system for decentralized appliance 
virus scanning. 

5 

A system 100 includes a client device 1 10 associated with a user 111, a 
wmmimicatkms network 120, a filer 130, ind a processing cluster 140. 

The client device 110 includes a processor, a main memory, and 
10 software for executing instructions (not shown, but understood by one stilled in the 
art). Although the client device 110 and filer 130 are shown as separate devices there 
is no recniircrneut that they be physically separate. 



In a preferred embodiment, the cornmmricarion network 120 i 
15 the Internet. In alternative embodiments, the communication network 120 may 
include alternative forms of comnramcan on, such as an intranet, extranet, -virtual 
private network, direct cmnmumcntion links, or some other combination or 



20 a communications link 115 operates to couple the diem devve 1 JO to 

the connnuracations network 120. 



Tne filer 130 includes a processor, a main memory, software for 
executing instructions (not shown, but understood by one skilled in the art), and a 
25 mass storage 131. Although the client device 110 and filer 130 are shown as separate 
devices there is no requirement that they be separate devices. The filer 130 is 
connected to the conrniumcanons network 120. 

The mass storage 13] includes at least one file 133 that a capable of 
30 being requested by a client device ] ] 0. 
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The processing duster 140 includes one or more duster device 141 
each mciudmg a processor, a main memory, software for executing instructions, and a 
mass storage (not shown but understood by one skilled in the art). Although the filer 
130 and the processing cluster 140 are shown as separate devices there is no 
5 requirement that they be separate devices. 

In a preferred embodiment the processing cluster 140 is a plurality of 
personal computers in an mtercoimected cluster capable of mtercornnmmcation and 
direct communication with the filer 130. 

The cluster link 1 35 operates to connect the processing cluster 140 to 
The cluster link 135 may mdude rjon-uniform memory access 
connnunication via an intranet, extranet, virtual private network, direct 
a hok*, or acme other combination or cccjuccnon thereof 

Method of Operation 

Figure 2 shows a process flow magiam for a system for decent 
appliance virus scanning. 

A method 200 includes a set of flow points and a set of steps. The 
system 1 00 performs the method 200. Although the method 200 is described serially, 
the steps of the method 200 can be performed by separate elements in conjunction or 
in parallel, whether asyndmmoualy, in a pipelined manner, or otherwise. There is no 
particular requirement that the method 200 be performed in the same order in which 
this description lists the steps, except where so mdicated. 

At a flow point 200, the system 100 is ready to begin performing the 

method 200. 



the filer 130. 
(NUMA),orc 



At a rtcp 201, a user 1 1 1 utilises the client device 1 10 to initiate a 
request for a file 133. The request is transmitted to the filer 130 via the 
communications network 120. In a preferred embodiment the filer 130 is performing 
file retrieval and storage at the direction of a web server (not shown but understood 
5 by one skilled in the art). 



At a step 203, the filer 130 receives the request for the file 133 and 
sends the file ID and path of the file 133 to the processing chister 140 where it is 
received by one of die duster device 141. 

10 

At a step 205, the cluster device 141 uses the file ID and path to open 
the file 133 in the mass storage 131 of the filer 130. 

At a step 207, the cluster device 141 scans the file 133 for viruses. Ina 
15 pefenedembooUine^ 

fashion. In alternative embodiments files may be processed individually by a cluster 
device 141, by multiple cluster device 141 simultaneously, or some combination 
thereof. Ix»ad balancing inay be used to ensure m 
within the processing cluster 140. 

20 

There are several vendors offering virus protection software for 
personal computers, thus the operator of the filer 130 may choose whatever product 
they would like to use. They may even use combinations of vendors 1 rxrjducts in the 
processing cluster 140. In an alternative embodiment of the invention, continual 
25 scanning of every file 133 oo the filer 130 may take place. 

The rnocessmg cluster W The price of personal 

cormarters is low compared to dedicated devices, such as filers, therefore this 
auifigurmtion is very desirable. A&mionally, a cluster configuration offers rarurrdant 
30 systems availability incase a ctoster device 141 fails - raik^ 
possible within the processing cluster. 

9 



WO 02/44*62 



FCT/US0 1/4*6*8 



At a step 209, the cluster device Ml transmits a scan report to the filer 
130. The scan report primarily reports whether die file is safe to send Further 
information may be saved for statistical purposes (for example, how many files have 
5 been identified as infected, was the virus software able to sanitize the file or was the 
file deleted) to a database. The database may be consulted to determine whether the 
file 133 needs to be scanned before delivery upon receipt of a subsequent request. If 
the file 133 has not changed since it was last scanned and no additional virus data 
files have been added to the jmxessmg cluster, the fik 1^^ 
10 be scanned This means the file 133 can be o^vacd am ojnetiy. 

Other intennedaxy sppfic 
with other applications, or in some combination thereof within the processing cluster 
140. Compression and encryption utilities are some examples of these applications. 
15 These types of educations, rnchxhng virus scanmng, can be very CPU intensive, 
thus outsourcing can yield better performance by allowing a dedicated device like a 
filer to do what it does best and farm out other tasks to the processing cluster 140. 



20 



At a step 2 1 1 , the filer 1 30 transmits or does not transmit the file 133 to 
the client 1 10 based on its availability as lepc^followmgtheacaabyme 
processing cluster 140. Some portion of the scan report may also be transmitted to 
the user. 



At this step, a request for a file 133 has been received, the request has 
25 been processed, and if possible a file 133 has been delivered. The process may be 
repeated at step 201 for subsequent requests. 

Generality of the Invention 

30 The iirvenuon has wide appUcability and generality to other aspects of 

processing requests for files. 

10 
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The invention is applicable to one or more of, or some combraatioo of, 
circumstances such as those involving: 

• file compression; 

• file encryption; and 

• gencni outsourcing of CPU intensive taste from dedicated appliances to 




Although preferred embodiments are disclosed herein, many variations 
are possible which remain within the concept, scope, and spirit of the invention, and 
these variations woold become dear to those skilled in the tit after perusal of this 
application. 
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1. A method for operating a filer including the steps o£ 

receiving at ■ first location a request from a user far an object; 

processing said request at a second location, wherein said step of 
processing includes at Jeast one of the following: (1) scanning for one or more 
recognizable patterns of data within said object, (2) compressing said object, and (3) 
encrypting said object; 

responding to said request, wherein said step of responding includes 
delivery of a response to said user. 

2. The method of claim 1, wherein sak! request is in an eleotronic form. 

3. The rnethod of claim 1, wbercm said object is a file 

4. The method of claim 3, wherein said step of processing said request 
further includes the steps of: 

creating an access path from said fito to a processmg ctaster, 
processing said file in said processing cluster; and 
generating a scan report wherein, said scan report is responsive to said 
processing of said file in said processing cluster. 

5. The method of claim 4, wherein said step of creating an access path 
includes sending the ID and path of said file from said filer to said procesamg cluster. 

6. The method of cliim 5, wherein said step of sending is accornplishcd 
using non-uniform memory access. 

7. The method of claim 5, wherein said step of sending is accomplished 
using a communications network. 

12 
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8. The method of claim S, wherein B*iA gtq) of sending a accomplished 
using a direct connection. 

9. The method of claim 4, wherein said step of processing of said file is 
5 performed by said processing cluster in i round robin fashion for subsequent files 



10. The method of claim 4, wherein said step of processing of said file 
is accomplished in parts by more than one device in said processing cluster. 

10 

11. The method of claim 4, wherein all files stored on said filer are 
scanned in a logical continuous manner. 



12. The method of claim 4, wherein said scan report contains a set of 
15 status data relating to said processing of said file. 



13. The method of claim 1 2, wherein said status data includes at least 
one data element identifying the presence or non-presence of a virus in said file. 

20 14. The method of claim 13, wherein said report is transferred to said 

filer. 

15. The method of claim 1 4, wherein said report is stored in a fust 



16. The method of claim 15, wherein the necessity for subsequent 
scanning of said file is a function of detennining whether said database contains said 
report relating to said file and whether said file has changed since last accessed. 
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17. The method ofclaim 16, wherein the necessity for subsequent 
scanning of said file is a function of determining whether additional yam 
identification data files have been added to said processing cluster. 

18. The method of claim ^wherein aaid delivery of a response is said 

file. 

19. The method of claim 1, wherein said delivery of • response 
includes notification to said user that said file is unavailable. 

20. The method of claim 1, wherein said step of responding to said ' 
request includes sending said user a copy of said scan report 

21. An apparatus for operating a filer including: 

means for receiving at a firm location a request fom a user for an 

ooject; 

means for processing said request ea a second location, wherein said 
means for rjrocessing includes at least one of the foUowing; (1) means for searching 
foT one or more recognizable patterns of dam within said object, (2) means for 
compressing said object, and (3) means for encrypting said object 

means for responding to said request, wherein said means for 
responding includes delivery of a response to said user. 

22. The apparatus of claim 21 , wherein said object is a file. 

23. The apparatus of claim 22, wherem said means for processing said 
reque st further iTtcludesi 

means for creating an access path from said filer to a processing cluster; 
means for processing said file in said pmr»«iing cluster; and 
means for generating a sexn report wherein, said scan report is 
responsive to said processing of said file in said processing duster. 

14 
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24. The apparatus of claim 23, wherein said means far creating an 
access path includes means for sending the ID and path of said file from said filer to 
said processing duster. 

25. The apparatus of claim 24, wherein said sending is accomplished 
using nonHmifoxm memory access. 

26. The apparatus of claim 24, wherein said sending is accomplished 
using a communications network. 



27. The apparatus of claim 24, wherein said sending is accomplished 
using a direct connection* 

28. Theapi»ratusofclfflm23,wnerem8M^ 

performed by said processing cluster in a round robin fashion for subsequent files 
received. 



29: The apparatus of claim 23, wherein said processing of said file is 
performed on atomic units of said file by more than one device in said processing 



30. The apparatus of claim 23, wherein all files stored on said filer are 
scanned in a logical continuous manner. 

31. The apparatus of claim 23, wherein said scan report contains a set 
of status data relating to said processing of said file, 

32. The apparatus of claim 31, wherein said status data includes at least 
one data element identifying the presence or non-presence of a virus in said file. 
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33. The apparatus of claim 3], wherein said report is transferred to said 

filer. 



34. The apparatus of claim 33, wherein said report is stored in a first 

5 database. 

35. The apparatus of claim 34, wherein the necessity for subsequent 
scanning of said file is a function of determining whether said database contains said 
report relating to said file and whether said file has changed since last accessed 

10 

36. The apparatus of claim 35, wherein the necessity for subsequent 
scanning of said file is a function of determining whether additional virus 
identification data files have been added to said processing cluster. 

15 37. The apparatus ofcJaim 21, wherein said cWivery of a response is 

delivery of said file. 

38. The apparatus of claim 21, wherein said delivery of a response 
includes delivery of notification to said user that said file is unavailable. 

39. The apparatus of claim 21, wherein said resporjdmg to sakJ request 
includes sending said user some portion of said scan report 

40. A method of attempting to provide virus protection in a client- 
server environment, comprising the steps of: 

recervrngaitquestataserverfarafile; 

sending an identifier for the fik to a scanning device that scans the file 

tor viruses; 

receiving an indication from the scanning device as to whether or not 
the file is safe to send from the server, and 
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responding to the request by sending the file if the indication is that the 
file is safe to send. 

41. A method as in claim 40, wherein the scanning device indicates 
5 that the file is safe to send if the scanning device determine* that the file is not 

infected with any viruses. 

42. A method as in claim 40, wherein the request is received from and 
the file is sent to a client device. 

10 

43. A method as in claim 40, wherein the server is a web server. 

44. A method as in claim 40, wherein the scanning device is one of a 
cluster of devices connected to the server that function similarly to the scanning 

15 device. 

45. A method as in claim 44, wherein the cluster of devices is a cluster 



20 A method of attempting to provide virus protection in a cbent- 

so£ 

? a database that indicates if files served by a *ervcr are safe 
to send from the server; 

receiving a request at the server for a file; 
25 if the database tndi catcs that the file is safe to send, responding to tbe 

request by sending the file; and 

if the database does not indicate that the file is safe to send, then 
sending an identifier for the file to a scanning device that scans tbe file for viruses, 
receiving an indication from the scanning device as to whether or not the file is safe 
30 to send from the server, and responding to the request by sending the file if the 
in dica tio n is that the file is safe to send 
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47. A method as in claim 46, wherein r 
comprises the steps oft 

tracking received indications from (be scanning device; and 
5 tracking accesses to the file. 

48. A method as in claim 47, wherem a tracked indication in the 
database that the file is safe to send is cancelled if the file has changed since the 
tracked indication was incorporated into the database. 

10 

49. A method as in claim 46, wherein the scanning device indicates 
mat the file is safe to send if the scanning device determines that the file is not 
infected with any viruses. 

15 50 Ainethcdastodaim46,wheTemthem 

the file is sent to a client device. 

51. A method as in claim 46, wherein the server is a web server. 

20 52. A method of attenipting to provide virus protection in a client- 

server environment, comprising the steps of: 

receiving from a server, at a scanning device connected to the server, an 
identifier for a file stored on mass storage for the server; 
scanning the file for viruses; and 
25 reporting an indication to the server as to whether or not the file is 

infected. 

53. A method as in claim 52, further c<mmrising the step of changing, 
deleting, or otherwise modifying the file based on a result of scanning the file for 
30 viruses. 
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54. A method as in claim 52, wherein the server is a web server. 



55. A method as in claim 52, whereiD the scanning device is one of a 
dusto of devices connected to the server that function similarly to the seaming 

5 device. 

56. A method as in claim 55, wherein the cluster of devices is a cluster 
of interconnected personal computers. 

10 57. A server to attempts to provide vims protection m a ch'em-server 

cflVi r on pflfl^ comp^ff^^^i 

a comnnmiCThon link to cKcnt devices; 
mass storage for files; and 

a processor that executes instructions in order to send requested files to 
15 the client devices, the instructions also including instructions (a) to receive a request 
for a file, (b) to send an identifier for the file to a scanning device that scans the file 
for viruses, (c) to receive an odka^tami^wemdDgdBmn^y^e^ariMA 
the fik is safe to scml trom fee server, and (dO to 
. the file if the indication is that the file ia safe to send. 

20 

58. A server as in claim 57, wherein the scanning device indicates that 
the ffleu* safe to send if the scannm 
with any viruses. 

25 59. A server as in claim 57, wherein the request is received from and 

the file is sent to a client device. 

60. A server as in claim 57, wherein the server is a web server. 
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61. A server as in claim 57, wbcnan the scanning device is one of a 
cluster of devices connected to the server that function similarly to the scanning 
device 

62. A server as in claim 61 , wherein the duster of devices is a cluster 
of interconnected personal computers. 

63. A server that attempts to provide virus protection in a cheat-server 



10 a communication link to client devices; 

mass storage for files; and 

a processor that executes instnjetions in order to send requested files to 
the client devices, the instructions also rnctoding instructions (a) to maintain a 
database that indicates if files served by a server are safe to send from the server, (b) 

IS to receive a request at the server for a file, (c) if the database indicates that the file is 
safe to send, to respond to the request by sending the file, and (d) if me database does 
not indicate that the file is safe to send, then to send an identifier for the file to a 
scaoning device that scans the file for viruses, to receive an indication from the 
scarming device as to whether OTra^ 

20 respond to the request by sending the file if the indication is that the file is safe to 



64. A server as rn claim 63, wherein the instructions to maintain the 
database further conrp^ise instructions to track received indkafiom firm the s^mnr^ 

25 device, and to track accesses to the file. 

65. A server as in claim 64, wherein a tracked indication in the 
database that the file is safe to send is cancelled if the file has changed since the 
tracked indication was incorporated into the database 

30 
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66. A server as in claim 63, wherein the scanning device indicate that 
the file is safe to tend if the scanning device determines that the file is not infected 
with any viruses. 

5 67. A server as in claim 63, wherein the request is received from and 

the file is sent to a client device. 

68. A server as in claim 63, wherein the server is a web server. 

10 69. A scanning device that attempts to provide vims protection far a 

server in a client-server environment, comprising: 

a communication link to the sever, and 
a processor that executes instructions, the instructions inclu ding 
instructions (a) to receive from the server an identifier for a file stored on mass 
15 storage for the server, (b) to scan the file for viruses, and (c) to report an indication to 
the server as to whether or not the file is infected. 

70. A scanning device as in claim 69, wherein the instructions further 
comprise instructions to change, delete, or otherwise modify the file based on a resah 

20 of scanning the file for viruses. 

71. A scanning device as in claim 69, wherein the server is a web 

server. 

25 72. A scanning device as in claim 69, wherein the scanning device is 

one of a cluster of devices connected to the server that function similarly to the 
scanning device. 

73. A scanning device as in claim 72, wherein the ciuster of devices is 
30 a cluster of interconnected personal co mpute r s . 
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74. Storage containing information including instructions, the 
instructions executable by a processor to attempt to provide vims protection in a 
client-server environment, the instructions comprising the steps of: 

receiving a request at a server for a file; 
5 sending an identifier for the file to a Bcanning device thai scans the file 

for viruses; 

receiving an indication from the scanning device as to whether or not 
the file is safe to send from the server; and 

responding to the request by sending the file if the indication is that the 
10 file is safe to send 

75. Storage as in claim 74. wherein the scanning device indicates that 
the file is safe to send if the scanning device determines that the file is not infected 
with any viruses. 

15 

76. Storage as in claim 74, wherein the request is received from and the 
file is sent to a client device. 

77. Storage as in claim 74, wherein the server is a web server. 

20 

78. Storage as in claim 74, wherein the scanning device is one of a 
cluster of devices connected to the server that function similarly to the samning 



25 79. Storage as in claim 78, wherein toe cluster of devices is a cluster of 



80. Storage containing information including instructions, the 
instructions executable by a processor to attempt to provide virus protection in a 
30 client-server environment, the instructions comprising the steps of: 
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niaintaining a database that indkatoif files awved by a saver are safe 
to scad from the server, 

reccivmg i request at the server for o file; 

if the database indicates that the file is safe to send, responding to the 
5 request by sending the file; and 

if the database does not indicate that the file is safe to send, then 
sending an identifier for the file to a scanning device that scans the file for viruses, 
receiving an indication from the scanning device as to whether or not the file is safe 
to send from the server, and respcawfing to the request by sending the file if the 
10 indication is that the file is safe to send 

81. Storage as in claim &0, wherein maintaining the database further 
c ompr ises the steps of: 

tracking received indications from the scanning device; and 
15 tracking accesses to the file. 



82. Storage as in claim 81, wherein a tracked indication in the database 
that the file is safe to send is cancelled if the file has changed since the tracked 
indication was incorporated into the database, 

20 

83. Storage as in chum 80, wherein the scanrnng (tevice indicates tiatt 
theffleissafetoserrdifthescaim^ 

with any viruses. 

25 84. Storage as in claim 80, wherein the reonesl is received fiom and the 

file is sent to a client device. 



85. Storage asm claim 80, wherein the server is a webserver. 
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86. 

instructions executable by a processor to attempt to provide vims protection in a 
client-server environment, the tastroctions comprising the gteps of: 

receiving foam a server, at a scanning device connected to tbe server, in 
identifier for a file stored on mass storage for the server, 

scannin g the file for viruses; and 

reporting an indication to tbe server as to whether or not the file is 

infected. 

87. Storage asm claim 86, wherein the instincticm further con^wise 
the step of changing, deleting, or otherwise modifying the file based on a result of 
% the file for viruses. 



88. Storage asm claim 86, wherein the server is a webserver. 

89. Storage as in claim 86, wherein the scanning device is one of a 
cluster of devices comMCted to the server that nmction similariy to the scanning 
device. 

90. Storage as in claim 89, wherein the cluster of devices is a chister of 
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